Recently, I'm doing some volunteer work for my local department. I've been there before, so I know what I'm getting into. However, I'm not as familiar with special requirements they have like HIPAA. For anyone who's worked in these conditions, what should I look out for? I'm in Wisconsin. Are there special requirements for like Desktops, OS, Routers/Switches/APs, surveillance, printers and so forth? They already use specialized applications for fire/EMS (which I will look into nonetheless).

You should not have to worry about HIPAA as you are not a medical office billing anyone. https://www.hhs.gov/hipaa/for-professionals/faq/190/who-must-comply-with-hipaa-privacy-standards/ind... If it had you it would be under whatever software they are using. You would need them to check with local EMS rules. Check with a neighboring fire dept. Equipment should be like any other office, unless computers are to be in a wet environment. Other than that, unless they have specific requirements, networking and PCs should be normal equipment. Add a good firewall to protect the network and you should be about there.

Health plans; Health care clearinghouses; Health care providers who conduct certain financial and administrative transactions electronically. These electronic transactions are those for which standards have been adopted by the Secretary under HIPAA, such as electronic billing and fund transfers.

I would be looking more at CJIS information if it is being transferred into the station. Most likely not, since this is Fire; most CJIS would be with Police, but sometimes dispatch sends things through that Fire sees (the specialized software you mention). There are plenty of things that need to be secure no matter where you are. The Fire departments we work with usually do not see this information, but it sometimes can come through, so any computer system in the vehicle also must meet CJIS requirements.

HIPAA as an example. The fire department does EMS as well, so I know they're bound to that. Basically, I want to make sure, in the event of an audit, we pass.

Who would be performing an audit on you? What specific audit would they be performing? Auditors have guidelines and checklists for stuff that they look for. You should be able to ask them for a copy of their guidelines so you know how to be compliant.

I figure the State of Wisconsin. I wasn't sure if there was a general guideline for this kind of stuff. Perhaps reaching out directly to them or the organizations that hold these guidelines would be a good way to find out?

Think of what I'm asking as being about a test. I know there's one out there, I just don't know the questions on the test.

Alongside HIPAA I wonder if there are not any special requirements for 911 services and priority network or communication traffic since they are priority first responders. I am talking out of my rear as I have no experience in any emergency services, but it is a question I would ask, as I know when it comes to anything dealing with 911 (even down to VOIP phones) there are special instructions/restrictions/responsibilities as it is a specialized service. I think our brethren over the pond use 999 if I am not mistaken, but I bet they have similar issues as well.

Those are good from the IT perspective, and some of the other comments are good ideas to keep in mind as well. Once you know what HIPAA is then you know beyond that people are the biggest block to hurdle over. Yourself included. You can talk about anything you see with anyone else either. If someone comes in and tries to read over your shoulder you have to turn the monitor off or close the laptop. I know it sounds dumb but it happens. I had to do a quick cert in HIPAA for my organization so I could work on PCs in the EMS dept here. As long as you feel confident that the personal records of the patients won't be shared with anyone not authorized you're good. Course I am paranoid about it and never feel anything is 100% so there you go.

I work with a fire dept and ours does not require anything I know of that is special or to do with HIPAA. They use a system/program that they use to enter information. Besides that it is like a normal office setting.

Edit - The only special thing I think we've got is the radio setup with a button they hit before they leave on a call to inform the police that they are on the way.

The supplier of the back end software is most likely responsible for servicing the equipment as well. If not, they are subcontracting to the local Telco for the requirements on the servers and infrastructure. I am 99% sure of this. I used to install emergency systems for the US and Canada.

Other than that, you are going to have to break it down - a lot. Federal < State < County. Each of which will have their own requirements and each will go one up on the next. The Fire Chief should have a point of contact at the local Telco and a contact for the Vendor of the software.

Interesting question. I am on the same path currently. We have been able to establish a network with some workstations, but security is now the topic.

First off, make sure the Brass support this... I can't emphasize this enough. You may need to draw it out for them (literally).

Currently I am looking at it this route:

The network has PII - Personal Identifier Information

i.e. SSN's, Name, Addresses, the usual HR stuff

Has our budget information

I need to look further into it, but with that being said, if you adhere to HIPAA standards, then you should be good to go, even if they may not be required. Find the highest security requirements and follow them. You would rather be too secure than not enough.

I work for a fire dept as well; there are no requirements for HIPAA. The only thing was to make sure everything is saved where it should be on the network and not on a desktop where everyone can see info of the incident.

For the FDPs and EMS / First Responder networks we have helped with, constant connectivity, central management, security and network segmentation are the highest priorities. Other issues like CAD integration and compliance requirements are specific to the network segment and function in question. Some EMS outfits are required by the hospitals they contract with to be HIPAA compliant; for others it's a non-issue because they are independent (as an example).

Anyone who stores medical records is subject to HIPAA, so in addition to reading ALL the provisions of HIPAA I would also look at HITECH, the Health Information Technology for Economic and Clinical Health Act (2009). This is a supplement to HIPAA and it's got more teeth than the 1996 act.

If you are responsible for telecom as well, you should ensure your data lines are covered under the TSP system. This ensures that if there is a disaster your phone lines have a higher priority for restoration than my house phone or the bakery down the street.
